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FIG.4 



PRIVATE AND PUBLIC KEY PAIR IS GENERATED 



PRIVATE KEY IS SECRETELY STORED IN MANAGEMENT 
SERVER; PUBLIC KEY IS PUBLISHED 
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OPERATOR REQUESTS TOOL AND 
SWITCH USER ON MANAGED NODE 



MANAGEMENT SERVER GENERATES SU DOCUMENT 
AND SIGNS IT WITH PRIVATE KEY 
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MANAGEMENT SERVER SENDS SU CERTIFICATE 
TO MANAGED NODE TOGETHER WITH CALL TO PERFORM 
THE TOOL UNDER THE REQUESTED USER ACCOUNT 
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AGENT RECEIVES CALL AND FORWARDS 
SU CERTIFICATE TO DOMAIN CONTROLLER 



DOMAIN CONTROLLER VERIFIES SIGNATURE 
WITH PUBLIC KEY OF MANAGEMENT SERVER 
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DOMAIN CONTROLLER SENDS 
SU TOKEN TO MANAGED NODE 



MANAGED NODE PERFORMS SU 
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